With the increased availability of broadband Internet connections, the use of Voice over Internet Protocol (VoIP) to make telephone calls over the Internet has also increased. In many cases, sensitive information is passed between endpoints in a VoIP system. This is especially common in interactive voice response (IVR) applications in which an individual on one end of the call interacts with an IVR computer system on the other end of the call. Typically, the IVR system plays pre-recorded voice prompts in response to which the individual speaks a response or presses a number on the telephone keypad to select an option.
One popular IVR application relates to prepaid and postpaid calling card services, in which a caller wishing to make a telephone call first dials into a service provider's main phone number. The service provider's IVR server prompts the caller to enter an account ID and optionally a password or PIN using the telephone keypad. In some cases, the caller may be required to enter a credit card number for billing purposes. Once the caller is authenticated by the IVR server, the caller is prompted to dial the destination number. The service provider will then route the call to the destination number and will charge the call to the caller's account.
A wide range of voice security features have been developed to protect the sensitive information entered by users. For example, media encryption using Secure Real-time Transport Protocol (SRTP) is typically used for encrypting voice conversation, rendering the audio stream unintelligible to internal or external eavesdroppers who have gained access to the voice domain. Designed specifically for VoIP packets, SRTP supports the AES encryption algorithm, and is an Internet Engineering Task Force (IETF) RFC 3711 standard. IPsec (IP security) is another standard used for securing VoIP communications at the network layer by encrypting and/or authenticating all IP packets. Unfortunately, the use of SRTP and IPsec to encrypt VoIP calls can place a significant burden on network resources, including bandwidth availability and digital signal processing (DSP) hardware. Thus, the number of simultaneous sessions capable of being supported by a particular gateway device or IVR server may be substantially limited if conventional encryption methods are used.